LibCrypto: Implement HMAC

Libraries/LibCrypto/Authentication/HMAC.h

@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2020, Ali Mohammad Pur <ali.mpfard@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ *    list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <AK/ByteBuffer.h>
+#include <AK/String.h>
+#include <AK/StringBuilder.h>
+#include <AK/StringView.h>
+#include <AK/Types.h>
+#include <AK/Vector.h>
+
+constexpr static auto IPAD = 0x36;
+constexpr static auto OPAD = 0x5c;
+
+namespace Crypto {
+namespace Authentication {
+    template <typename HashT>
+    class HMAC {
+    public:
+        using HashType = HashT;
+        using TagType = typename HashType::DigestType;
+        static constexpr size_t BlockSize = HashType::BlockSize;
+        static constexpr size_t DigestSize = HashType::DigestSize;
+
+        template <typename KeyBufferType, typename... Args>
+        HMAC(KeyBufferType key, Args... args)
+            : m_inner_hasher(args...)
+            , m_outer_hasher(args...)
+        {
+            derive_key(key);
+            reset();
+        }
+
+        TagType process(const u8* message, size_t length)
+        {
+            reset();
+            update(message, length);
+            return digest();
+        }
+
+        void update(const u8* message, size_t length)
+        {
+            m_inner_hasher.update(message, length);
+        }
+
+        TagType process(const ByteBuffer& buffer) { return process(buffer.data(), buffer.size()); }
+        TagType process(const StringView& string) { return process((const u8*)string.characters_without_null_termination(), string.length()); }
+        void update(const ByteBuffer& buffer) { return update(buffer.data(), buffer.size()); }
+        void update(const StringView& string) { return update((const u8*)string.characters_without_null_termination(), string.length()); }
+
+        TagType digest()
+        {
+            m_outer_hasher.update(m_inner_hasher.digest().data, m_inner_hasher.DigestSize);
+            auto result = m_outer_hasher.digest();
+            reset();
+            return result;
+        }
+
+        void reset()
+        {
+            m_inner_hasher.reset();
+            m_outer_hasher.reset();
+            m_inner_hasher.update(m_key_data, BlockSize);
+            m_outer_hasher.update(m_key_data + BlockSize, BlockSize);
+        }
+
+        String class_name() const
+        {
+            StringBuilder builder;
+            builder.append("HMAC-");
+            builder.append(m_inner_hasher.class_name());
+            return builder.build();
+        }
+
+    private:
+        void derive_key(const u8* key, size_t length)
+        {
+            u8 v_key[BlockSize];
+            __builtin_memset(v_key, 0, BlockSize);
+            ByteBuffer key_buffer = ByteBuffer::wrap(v_key, BlockSize);
+            // m_key_data is zero'd, so copying the data in
+            // the first few bytes leaves the rest zero, which
+            // is exactly what we want (zero padding)
+            if (length > BlockSize) {
+                m_inner_hasher.update(key, length);
+                auto digest = m_inner_hasher.digest();
+                // FIXME: should we check if the hash function creates more data than its block size?
+                key_buffer.overwrite(0, digest.data, sizeof(TagType));
+            } else {
+                key_buffer.overwrite(0, key, length);
+            }
+
+            // fill out the inner and outer padded keys
+            auto* i_key = m_key_data;
+            auto* o_key = m_key_data + BlockSize;
+            for (size_t i = 0; i < BlockSize; ++i) {
+                auto key_byte = key_buffer[i];
+                i_key[i] = key_byte ^ IPAD;
+                o_key[i] = key_byte ^ OPAD;
+            }
+        }
+
+        void derive_key(const ByteBuffer& key) { derive_key(key.data(), key.size()); }
+        void derive_key(const StringView& key) { derive_key((const u8*)key.characters_without_null_termination(), key.length()); }
+
+        HashType m_inner_hasher, m_outer_hasher;
+        u8 m_key_data[BlockSize * 2];
+    };
+}
+}

Libraries/LibCrypto/Cipher/AES.h

@@ -120,6 +120,8 @@ namespace Cipher {
         virtual void encrypt_block(const BlockType& in, BlockType& out) override;
         virtual void decrypt_block(const BlockType& in, BlockType& out) override;
 
+        virtual String class_name() const override { return "AES"; }
+
     protected:
         AESCipherKey m_key;
     };

Libraries/LibCrypto/Cipher/Cipher.h

@@ -129,6 +129,8 @@ namespace Cipher {
         virtual void encrypt_block(const BlockType& in, BlockType& out) = 0;
         virtual void decrypt_block(const BlockType& in, BlockType& out) = 0;
 
+        virtual String class_name() const = 0;
+
     private:
         PaddingMode m_padding_mode;
     };

Libraries/LibCrypto/Cipher/Mode/CBC.h

@@ -26,6 +26,8 @@
 
 #pragma once
 
+#include <AK/String.h>
+#include <AK/StringBuilder.h>
 #include <LibCrypto/Cipher/Mode/Mode.h>
 
 namespace Crypto {
@@ -40,6 +42,14 @@ namespace Cipher {
         {
         }
 
+        virtual String class_name() const override
+        {
+            StringBuilder builder;
+            builder.append(this->cipher().class_name());
+            builder.append("_CBC");
+            return builder.build();
+        }
+
         virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
         {
             auto length = in.size();

Libraries/LibCrypto/Cipher/Mode/Mode.h

@@ -50,6 +50,8 @@ namespace Cipher {
                 return ByteBuffer::create_uninitialized(input_size + T::block_size() - remainder);
         }
 
+        virtual String class_name() const = 0;
+
     protected:
         T& cipher() { return m_cipher; }
 

Libraries/LibCrypto/Hash/HashFunction.h

@@ -49,6 +49,7 @@ namespace Hash {
         virtual void update(const StringView& string) = 0;
 
         virtual DigestType digest() = 0;
+        virtual String class_name() const = 0;
     };
 }
 }

Libraries/LibCrypto/Hash/MD5.h

@@ -26,6 +26,7 @@
 
 #pragma once
 
+#include <AK/String.h>
 #include <AK/Types.h>
 #include <LibCrypto/Hash/HashFunction.h>
 
@@ -79,6 +80,8 @@ namespace Hash {
         virtual void update(const StringView& string) override { update((const u8*)string.characters_without_null_termination(), string.length()); };
         virtual DigestType digest() override;
 
+        virtual String class_name() const override { return "MD5"; }
+
         inline static DigestType hash(const u8* data, size_t length)
         {
             MD5 md5;